iThemes Security and iThemes Security Pro just got some awesome new features to make your WordPress sites even more secure.
Two-factor Authentication (Pro)
Two-factor authentication was one of the most requested features on our roadmap by you for iThemes Security Pro and we’re excited to release it today.
Get the full tutorial on how to setup two-factor authentication in iThemes Security Pro here.
Passwords are an old technology based on restricting access to something a person “knows.” The problem with this password-only approach is anyone else can know it or even guess it themselves. Two-factor authentication makes it tougher for someone to hack your login by adding an additional step or factor to the login process.
With two-factor authentication setup, users are required to enter both a password AND a second code sent to a device like your Android smartphone or iPhone. Both the password and the code are required to log in to a user account, adding an extra layer of security that verifies it’s actually you logging in and not someone who gained access (or even guessed) your password.
“I’ve been using two-factor authentication for my email for years now via Gmail. It’s been especially handy and helped me be more secure as, for instance, I was recently in Atlanta and printing boarding passes from a computer in a hotel’s business center. In order to get into my email, I had to include my password, which I always hate doing on public computers like that, but then to get into my email, I had to use the code sent to my iPhone to verify it was truly me,” said iThemes founder Cory Miller. “Now with iThemes Security Pro and Google Authenticator, I can have the same level of security and peace of mind with all my WordPress sites.”
You can activate this feature on the Pro tab where you can also set the minimum role (in case you don’t want to risk users like subscribers losing their phone).
Once activated, any applicable user can then activate the feature for their own account by editing their profile. An administrator can later over-ride and disable the feature (in case they lost their phone) by turning it off on the user’s account once enabled (note: admin can only disable it for a user, not enable it).
Any user making use of this technology will need to have a 2-factor application on their phone such as the free Google Authenitcator app or using the Authy app.
User Action Logging (Pro)
In iThemes Security Pro 1.3 we added “User Action Logging.” This feature allows you to keep track of what WP users are doing on your sites, like user logins, logouts, and changes to content. You can activate the new feature under the Pro tab where you can also set the minimum role for logging (so you don’t have every Subscriber or other action in a site with a lot of users).
If you’re managing multiple authors or users on a WordPress site, this feature can help you see who did what and, if an account was compromised you can quickly see which account it was.
One non-security benefit of this feature is you can see if your client’s have even logged into their sites.
Don’t Lock Yourself Out (Free and Pro)
Sometimes with the lockout detection features in iThemes Security, you can accidentally lock yourself out of your own site. Now with the new Temporary Whitelist feature, you don’t risk locking yourself out when developing or testing.
In the opening screen of iThemes Security, you’ll see the “Don’t Lock Yourself Out” box and can click the button to temporarily whitelist your own IP for a 24-hour period.
Doing so will still generate lockout error messages but will not lock the IP out allowing the user to then be able to find out what is triggering the lockout.
Please note: only 1 IP can be whitelisted in this manner per 24 hour period.
Get Two-Factor Authentication + 30 Other Ways to Secure Your WordPress Site
With iThemes Security Pro, you can lock down your WordPress site with two-factor authentication and 30+ other security settings like brute force protection, file change detection and away mode — all important security measures you can take to secure your site.